Please post the output of the "show static" command. Also, did you do the "clear xlate" after you removed the old config?
--- jeffrey_wenzel <jeffrey_wenzel yahoo.com> wrote:
> This can't be very difficult to do but damn if I can't get it to work.
>
> I have read over and over again every example I've found on the web
> to no avail.
>
> I've got a PIX 515 v6.3.
> Anti-spam device behind firewall.
> smtp server behind firewall.
>
> My PIX is up and running with no troubles as is the smtp server (have
> been for a few years now), we just added the anti-spam device, I know
> I could do this via DNS and MX records if I have to, but would like
> to do it with port forwarding/redirecting.
>
> Trying to forward ALL incoming smtp traffic to the anti-spam device
> which will then either kill spam or forward good mail to the smtp
> server.
>
> Internet ---incoming traffic----> PIX ---smtp traffic---> antispam ----> smtp server
>                                    |
>                                    |
>                                    V
>                            all other traffic
>
> Assume PIX outside IP = 111.111.111.111
> Assume antispam IP = 222.222.222.222
> Assume smtp server IP = 222.222.222.333
>
> All IPs are static, no dhcp, no nat.
>
> Current config looks like this (some parts removed as not necessary):
>
> interface ethernet0 auto
> interface ethernet1 auto
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> names
> name 222.222.222.222 antispam
> name 222.222.222.333 smtpserver
> access-list ACL_OUT permit tcp any host smtpserver eq domain
> access-list ACL_OUT permit tcp any host smtpserver eq ssh
> access-list ACL_OUT permit tcp any host smtpserver eq pop3
> access-list ACL_OUT permit tcp any host smtpserver eq smtp
> access-list ACL_OUT permit tcp any host smtpserver eq imap4
> access-list ACL_OUT permit udp any host smtpserver eq domain
> access-list ACL_OUT permit tcp any host antispam eq ssh
> access-list ACL_OUT permit tcp any host antispam eq smtp
> access-list ACL_OUT permit tcp any host antispam eq domain
> access-list ACL_OUT permit udp any host antispam eq domain
> access-list ACL_OUT permit udp any host antispam eq ntp
> access-list ACL_OUT permit tcp any host antispam eq www
> ip address outside 111.111.111.111 255.255.255.252
> ip audit info action alarm
> ip audit attack action alarm
> nat (inside) 0 0.0.0.0 0.0.0.0 0 0
> static (inside,outside) smtpserver smtpserver netmask 255.255.255.255 0 0
> static (inside,outside) antispam antispam netmask 255.255.255.255 0 0
> access-group ACL_OUT in interface outside
>
> #Configed as above all smtp traffic goes to the smtp server as normal
> and all users get their email with no problems at all (have been for
> years).
> #according to the example at the cisco site I made the following
> change:
>
> Changed - static (inside,outside) smtpserver smtpserver netmask 255.255.255.255 0 0
> to - static (inside,outside) tcp smtpserver smtp antispam smtp netmask 255.255.255.255 0 0
>
> #Nothing happens, all smtp traffic appears to go directly to the smtp
> server, users still getting all emails. Yes the antispam machine is
> on and ready to accept incoming smtp traffic.
>
> If the above config looks okay, then I'll try to dig deeper via logs
> to see what's up.
>
> Thanks in advance for any help.